To obtain a new access token using the refresh token acquired during authentication, the following REST API is available:
POST https://www.snap4city.org/auth/realms/master/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&client_id=xxx&refresh_token=…refresh token…
Returns 200 if the refresh token is valid; the new access token is returned in the response body:
{
"access_token": "…",
"expires_in": 1500,
"refresh_expires_in": 2073600,
"refresh_token": "…",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "…"
}
Returns 400 if the refresh token is not valid or the client_id is not present:
{
"error": "invalid_grant",
"error_description": "Invalid refresh token"
}
Note: each authentication request creates a new session on Keycloak. It is better to use the refresh token to create a new access token, which is also more secure (no need to store the user name and password).
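
Client-side handling of the call documented above, as an added example that is not Snap4City's own code: it builds the form-encoded request and maps the 200 and 400 replies to the state a client needs to keep. The function names, the RefreshRejected exception, the 30-second skew margin and the client id passed in are assumptions.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://www.snap4city.org/auth/realms/master/protocol/openid-connect/token"

class RefreshRejected(Exception):
    """400 from the token endpoint: refresh token or client_id not accepted."""

def build_request(client_id, refresh_token):
    # urlencode escapes reserved characters (+, /, =) that may occur in a token.
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_response(status, body, now=None, skew=30):
    """Turn a token-endpoint reply into the state a client should keep."""
    now = time.time() if now is None else now
    doc = json.loads(body)
    if status == 400:
        # Do not retry with the same token; the user has to authenticate again.
        raise RefreshRejected(f"{doc.get('error')}: {doc.get('error_description')}")
    if status != 200:
        raise RuntimeError(f"unexpected status {status}")
    return {
        "access_token": doc["access_token"],
        # Renew a little before expires_in elapses (assumed margin for clock skew).
        "access_deadline": now + doc["expires_in"] - skew,
        # Keep the refresh_token returned in the response for the next renewal.
        "refresh_token": doc["refresh_token"],
        "refresh_deadline": now + doc["refresh_expires_in"],
    }

def refresh(client_id, refresh_token):
    """Perform the call (needs network access); only tokens are held, no password."""
    try:
        with urllib.request.urlopen(build_request(client_id, refresh_token), timeout=10) as r:
            return parse_response(r.status, r.read())
    except urllib.error.HTTPError as e:  # urllib raises on 4xx; hand the body to the parser
        return parse_response(e.code, e.read())
```
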